From 27ef4a127a501822396a5b3aa202b4e847ae1f80 Mon Sep 17 00:00:00 2001
From: Ryo Nakamura <upa@haeena.net>
Date: Tue, 12 Aug 2025 19:14:29 +0900
Subject: [PATCH] try pubkey auth first instead of noauth

The libssh auth document suggets to call ssh_userauth_none() first to
obtain userauth list. However, it can lead PerSourcePenalties. Thus, try
pubkey auth first and try password and interactive auths next.
---
 src/ssh.c | 18 +++---------------
 1 file changed, 3 insertions(+), 15 deletions(-)

diff --git a/src/ssh.c b/src/ssh.c
index b76f4ad..5430ece 100644
--- a/src/ssh.c
+++ b/src/ssh.c
@@ -117,23 +117,11 @@ static int ssh_authenticate(ssh_session ssh, struct mscp_ssh_opts *opts)
 	int auth_bit_mask;
 	int ret;
 
-	/* none method */
-	ret = ssh_userauth_none(ssh, NULL);
-	if (ret == SSH_AUTH_SUCCESS)
+	/* try publickey auth first */
+	char *p = opts->passphrase ? opts->passphrase : NULL;
+	if (ssh_userauth_publickey_auto(ssh, NULL, p) == SSH_AUTH_SUCCESS)
 		return 0;
 
-	auth_bit_mask = ssh_userauth_list(ssh, NULL);
-	if (auth_bit_mask & SSH_AUTH_METHOD_NONE &&
-	    ssh_userauth_none(ssh, NULL) == SSH_AUTH_SUCCESS)
-		return 0;
-
-	auth_bit_mask = ssh_userauth_list(ssh, NULL);
-	if (auth_bit_mask & SSH_AUTH_METHOD_PUBLICKEY) {
-		char *p = opts->passphrase ? opts->passphrase : NULL;
-		if (ssh_userauth_publickey_auto(ssh, NULL, p) == SSH_AUTH_SUCCESS)
-			return 0;
-	}
-
 	auth_bit_mask = ssh_userauth_list(ssh, NULL);
 	if (auth_bit_mask & SSH_AUTH_METHOD_PASSWORD) {
 		if (!opts->password) {